Lucene search
+L

379 matches found

Positive Technologies
Positive Technologies
added 2026/05/10 12:0 a.m.16 views

PT-2026-39458

Name of the Vulnerable Software and Affected Versions PHP versions 8.4.0 through 8.4.20 PHP versions 8.5.0 through 8.5.5 Description The DOMNode::C14N method may process XML data incorrectly, leading to the creation of a circular linked list within the data structure that represents the XML...

7.5CVSS5.8AI score0.0078EPSS
Exploits0References37
EUVD
EUVD
added 2026/05/06 6:30 p.m.8 views

EUVD-2026-27838

The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI...

8.6CVSS5.9AI score0.00126EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/06 5:27 p.m.13 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow via unsafe string copying in the canonicalization process. An attacker can execute arbitrary code or cause a denial of service by supplying a specially crafted username in the MongoDB URI with authMechanism=GSSAPI before...

8.6CVSS6.2AI score0.00126EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/06 3:8 p.m.10 views

CVE-2026-6691 MongoDB C Driver Cyrus SASL Canonicalization Buffer Overflow

The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI...

8.6CVSS5.9AI score0.00126EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/06 3:8 p.m.51 views

CVE-2026-6691 MongoDB C Driver Cyrus SASL Canonicalization Buffer Overflow

The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI...

8.6CVSS0.00126EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/06 3:8 p.m.6 views

CVE-2026-6691

The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI...

8.6CVSS5.9AI score0.00126EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/06 3:8 p.m.2 views

CVE-2026-6691 MongoDB C Driver Cyrus SASL Canonicalization Buffer Overflow

The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI...

8.6CVSS6.1AI score0.00126EPSS
Exploits0References3
CVE
CVE
added 2026/05/06 3:8 p.m.26 views

CVE-2026-6691

CVE-2026-6691 affects the MongoDB C Driver Cyrus SASL integration. The issue is unsafe string copying during username canonicalization, leading to a heap buffer overflow before any authentication or network traffic. The vulnerability can be triggered by untrusted input in the username of a MongoD...

8.6CVSS5.9AI score0.00126EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.10 views

RHCOS 4 : OpenShift Container Platform 4.6.51 (RHSA-2021:4799)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4799 advisory. - jenkins: FilePathmkdirs does not check permission to create parent directories CVE-2021-21685 - jenkins: File path filters do not...

9.8CVSS5.9AI score0.02451EPSS
Exploits0References30
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.10 views

PT-2026-37642

Name of the Vulnerable Software and Affected Versions mongo-c-driver affected versions not specified Description The Cyrus SASL integration in the MongoDB C Driver performs unsafe string copying during username canonicalization. This leads to a heap buffer overflow, which is a memory corruption...

8.6CVSS6AI score0.00126EPSS
Exploits0References23
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.16 views

PT-2026-34474

Name of the Vulnerable Software and Affected Versions uutils coreutils affected versions not specified Description A flaw in the chmod utility allows users to bypass the --preserve-root safety mechanism. The implementation validates if the target path is literally '/', but fails to canonicalize t...

7.3CVSS6AI score0.00175EPSS
Exploits0References15
OSV
OSV
added 2026/04/16 12:35 p.m.4 views

SUSE-SU-2026:1406-1 Security update for util-linux

This update for util-linux fixes the following issues: Security issue: - CVE-2026-3184: access control bypass due to improper hostname canonicalization in login bsc1258859. Non security issues: - recognize fuse 'portal' as a virtual file system bsc1234736. - fdisk: fix possible partition overlay...

5.3CVSS5.8AI score0.00436EPSS
Exploits0References5
OSV
OSV
added 2026/04/09 1:4 p.m.3 views

SUSE-SU-2026:21016-1 Security update for util-linux

This update for util-linux fixes the following issues: Security issues: - CVE-2025-14104: heap buffer overread in setpwnam when processing 256-byte usernames bsc1254666. - CVE-2026-3184: access control bypass due to improper hostname canonicalization in login bsc1258859. Non security issues: -...

6.1CVSS7.3AI score0.00436EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/09 1:57 a.m.3 views

util-linux: util-linux: Access control bypass due to improper hostname canonicalization

A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can modify the supplied remote hostname before setting PAMRHOST. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing...

5.3CVSS6.1AI score0.00436EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2026/04/07 8:2 a.m.3 views

Util-linux: util-linux: access control bypass due to improper hostname canonicalization

...

5.3CVSS5.8AI score0.00436EPSS
Exploits0
EUVD
EUVD
added 2026/04/03 9:31 p.m.7 views

EUVD-2026-18817

A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can modify the supplied remote hostname before setting PAMRHOST. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing...

3.7CVSS5.9AI score0.00436EPSS
Exploits0References3
NVD
NVD
added 2026/04/03 7:17 p.m.7 views

CVE-2026-3184

A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can modify the supplied remote hostname before setting PAMRHOST. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing...

5.3CVSS0.00436EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/04/03 7:17 p.m.5 views

CVE-2026-3184

A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can modify the supplied remote hostname before setting PAMRHOST. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing...

5.3CVSS5.9AI score0.00436EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/03 6:43 p.m.5 views

CVE-2026-3184

A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can modify the supplied remote hostname before setting PAMRHOST. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing...

3.7CVSS5.9AI score0.00436EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/03 6:43 p.m.3 views

CVE-2026-3184 Util-linux: util-linux: access control bypass due to improper hostname canonicalization

A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can modify the supplied remote hostname before setting PAMRHOST. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing...

3.7CVSS5.9AI score0.00436EPSS
Exploits0References3
Rows per page
Query Builder